The thing is, you don't need to be quite an expert.
All your evil roommate <for arguments stake evil of course> needs to do is set his network card in promiscuous mode <this makes the network card receive all data, instead of just his own data>
And type in de terminal something like 'sudo tcpdump -i en1 -v' which gives you ALL TCP traffic from your computer on the network. And TCP language isn't that hard to read, here is a piece i just drew from my pb while syncing my .mac idisk:
12:56:59.396461 IP (tos 0x0, ttl 48, id 41555, offset 0, flags [DF], length: 598) idisk.mac.com.http > localhost.53008: P 5198:5744(546) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.396697 IP (tos 0x0, ttl 48, id 41556, offset 0, flags [DF], length: 57) idisk.mac.com.http > localhost.53008: P [tcp sum ok] 5744:5749(5) ack 5652 win 8688 <nop,nop,timestamp 3103860893 778801639>
12:56:59.454788 IP (tos 0x0, ttl 64, id 17591, offset 0, flags [DF], length: 52) localhost.53008 > idisk.mac.com.http: . [tcp sum ok] ack 5749 win 65535 <nop,nop,timestamp 778801639 3103860893>
You can clearly see, all info you need.... Source <localhost>, Destination <idisk.mac.com> and type of transfer <http>
Is this an answer that helps you?
Cuckoo